[Swan] Is it possible to apply a (private) policy to host-to-host vpn-cfg ?
luie at mailbox.org
Fri Apr 17 02:08:50 UTC 2020
I would like to use different host-to-host VPNs to "authenticate" the
hosts before they can communicate with each other, and so far I have solved
this with RSASIG keys - works fine.
To secure it completely, I would like to ask if there is any way I
could apply a "private or drop/hold packet" policy to my VPN configs so
that packets are encrypted in ANY case before they leave the box? I used
the parameters already, but the shunting/whack (don't know what the
right name for it is) policies didn't come up. I think that is because it only
works with "conn private" and %opportunisticgroup, right? Is there any
other way to achieve this so that I can stick with my rsasigkeys?
Because I have different levels of security (roles), it would be great to
find a way, because then I really know which host can talk to whom.
Boxes running @ centOS 8 with libreswan 3.29-6.el8.
# use auto=start when done testing the tunnel
Thanks in advance